Abstract - University of Windsor



60-564

Report on Paper Review

Submitted By:

Ataul Bari

Table of Contents

Page

1. Introduction 05

1.1 Wireless Networks 06

1.2 Characteristics of Ad Hoc Networks 08

1.3 Usages of Ad Hoc Networks 09

1.4 The MANET Model 10

1.5 The Protocol Stack 11

1.6 Wireless Networks Physical Layer 12

1.7 Ad Hoc Networks MAC layer 12

1.8 Ad Hoc Networks Routing Layer 14 2 Security-Aware Adaptive Dynamic Source Routing Protocol (SADSR) 16

2.1 Secure Routing in ad hoc networks 16

2.2 Dynamic Source Routing Protocol (DSR) 16

2.3 The SADSR Protocol Overview 18

2.4 The Attackers 18

2.5 Assumptions for the SADSR Protocol 19

2.6 The SADSR Protocol 20

2.6.1 Certificate Acquisition 20

2.6.2 Multi-path Route Discovery 21

2.6.3 Routing 24

2.7 Security Analysis 26

2.7.1. Attacks on Route Discovery 26

2.7.1.1 Modification of source routes 26

2.7.1.2 Route cache poisoning 27

2.7.1.3 Not participating in route discovery 27

2.7.2 Attacks on Routing 27

2.7.2.1 Modification of Routes or Data in a Data Packet 28

2.7.2.2 Dropping the Packets 28

2.7.3 Fabrication of Route Error Messages 28

2.7.4 Denial of Service Attacks 29

2.7.4.1 Sending RREQs with Fake IDs 29

2.7.4.2 Sending RREQs to a Fake Destination 30

2.8 Experimental Results 30

2.8.1 Simulation Setup 30

2.8.2 Results 31

3 SERAN: Security Equipment protocol in Routing in Ad hoc Networks 33

3.1 Overview 33

3.2 Smart Cards 33

3.3 Definition and Notations 35

3.4 The Communication in SEARAN 36

3.4.1 Sending Data to Other Nodes 36

3.4.2 Receiving Data from Other Nodes 37

3.5 Evaluation of [pic] 38

3.6 Improvement 39

3.7 Advantages and Disadvantages 40

4 Conclusions 41

5 References 42

Abstract: One of the emerging technologies of current days is Wireless networking where users can access information and services using wireless interfaces, irrespective of their geographical location. Mobile Ad hoc wireless network (MANET) is a kind of infrastructurless, self-organizing and self-managing wireless network, which may be quickly deployed to provide data communication services to the user in arbitrary communication environments. One of the important characteristics of MANET is that it lacks any fixed centralized entity to look after the overall coordination activities of the entire network. In MANETs, any (and all) nodes can change its geographical position, with respect to time, in any arbitrary direction and speed.

The security is a weak point in ad hoc networks due to the inherent quality of wireless media, mobility of the nodes and lack of centralized entity. Most of the proposed routing protocols proposed for ad hoc networks assume that every node in the network is cooperative and trustworthy, which may not always be true. To address that, a number of secure routing protocols for mobile ad hoc networks have been proposed, one of which is Security-Aware Adaptive Dynamic Source Routing Protocol (SADSR). This protocol is designed to secure an existing routing protocol called Dynamic Source Routing (DSR), by extending it in such a way that the non-malicious nodes in a network can detect and isolate malicious nodes in the network.

Sometime, it may be of some interest to protect (hide) particular equipment in an ad hoc network from other entities (nodes) of the same network. It may be desirable because of saving the battery power of certain critical node or for isolating a congested node in the network etc. The Security Equipment protocol in Routing in Ad hoc Networks (SERAN) is proposed to achieve such objectives. In SERAN, the protected node remains invisible to the other entities in the network and therefore cannot be used by them for the purpose of routing. The SERAN uses the smart cards technology and introduces a new layer called “SERAN” in the IP layer to accomplish its objective and dose not need to modify the existing routing layer.

1 Introduction

One of the emerging technologies of current days is wireless networking where users can access information and services irrespective to their geographical location, using wireless interfaces. Mobile Ad hoc wireless network (MANET) is a kind of wireless network, which may be quickly deployed to provide data communication services to the user in arbitrary communication environments. One of the main characteristics of this type of network is that it lacks any kind of centralized entity to look after the overall management activities of the networks.

The security is a weak point in ad hoc networks due to the inherent quality of wireless media, mobility of the nodes and lack of centralized entity. The security requirements are availability, confidentiality, integrity, authentication and non-repudiation, and it is difficult to assure these requirements. Denial-of-service, impersonation, Byzantine failure, disclosure and poor physical protection of nodes are among the serious security threats [2].

Most of the proposed routing protocols proposed for ad hoc networks assume that every node in the network is cooperative and trustworthy and take security as granted, which may not always be true. A number of secure routing protocols for mobile ad hoc networks have been proposed so far, one of which is Security-Aware Adaptive Dynamic Source Routing Protocol (SADSR) [1]. This protocol is designed to secure an existing routing protocol called Dynamic Source Routing (DSR) by extending it in such a way that malicious nodes in a ad hoc network can be detected by the non-malicious nodes in the same network. Once detected, the malicious nodes are isolated (also by the non-malicious nodes) so that they cannot disrupt the functionality of the network.

Sometime, it may be desirable to protect (or hide) particular equipment in a network from other entities (node) of the same network. One of the reason may be that ad hoc networks are based on mobile devices like cellular phone, portable computers etc. that have limited battery life and protecting equipment in a way so that it will not work for others may save energy for the node. Protecting equipment scheme may also be useful for isolating a congested node in the network [2].

Security Equipment protocol in Routing in Ad hoc Networks (SERAN) [2] is a new approach designed to address these issues. In SERAN, a node is provided with the ability to use the ad hoc network without completely providing its resources into it i.e. a node get the ability to ‘hide’ themselves form all other nodes in the network. The node that is protected by SERAN will be invisible, if it chose to be, in the routing tables of the other nodes; therefore it will not be used for routing in the network. This is essential when the battery of that device faces a shortage of charge and there is a possibility of the device of getting disconnected from the network. Moreover, since no other devices in the network can communicate with it unless it is willing, the purpose of security is also served. The SERAN uses the smart cards technology and introduces a new layer called “SERAN” in the IP layer to accomplish its objective and dose not need to modify the existing routing layer.

This report describes the result of review on SADSR and SERAN. The content of the report is organized as follows: section 1 briefly describes the wireless ad hoc networks in general, including its characteristics, usages, models and the protocol layers. Section 2 describes the SADSR protocols in details and section 3 describes the SERAN in details. Finally, some concluding remarks are included in section 4.

1.1 Wireless Networks

In a Wireless network, nodes use wireless media to communicate among themselves. Wireless networks can be broadly classified into two categories, Infrastructured network and Ad Hoc (or Infrastructureless) network.

An infrastructured network (Fig. 1) consists of fixed and wired gateways. Networking infrastructure refers to the facility, the sole purpose of which is to carry the data generated by each node to the respective destination node. In this kind of network, a mobile host communicates with a fixed base station within its communication radius, and can move geographically while it is communicating with the base station. In a situation where a mobile node goes out of range of one base station, it connects with new base station and starts communicating through it [3].

[pic]

Fig. 1 Infrastructured network

In Ad Hoc or Infrastructureless networks (Fig. 2) all nodes are mobile and can be connected dynamically in an arbitrary manner. Nodes are computing and communication devices, which can be laptop computers, PDAs, mobile phones or even sensors. In ad hoc networks, nodes themselves form a network to communicate with each other without any centralized entity like base station. Nodes in ad hoc networks act as routers as well. Every node is expected to perform route discovery and route maintenance within the network.

A Mobile ad hoc network (MANET) is an infrastructure less wireless network consisting of a number of self-organizing and self-managing wireless nodes, any or all of which may be mobile. These nodes act autonomously, and dynamically create a wireless network amongst them without using any networking infrastructure support. Networking infrastructure refers to the facility where network services are provided by the network to which a host is connected via the base station. Due to the absence of infrastructure in the ad hoc networks, the hosts themselves provide network services like routing, address-assignment, DNS-like name translation etc. [4].

[pic]

Fig. 2 Ad Hoc or Infrastructureless networks

Ad hoc networks are very useful in situations where quick network deployment is desirable like emergency search-and-rescue operations, conference, conventions etc.

1.2 Characteristics of Ad Hoc Networks

A Mobile Ad Hoc Network (MANET) does not rely on any pre-existing fixed network infrastructure and can be deployed rapidly within a geographical area. Once deployed, the network nodes can freely move around, causing creation and deletion of network links depending on the radio propagation conditions, resulting in time varying network topology. Also the nodes can join and leave the network at any time without informing the network. Thus, MANETs are capable of providing data networks services in arbitrary communication environments and are responsive to time varying network topology.

Typically, MANETs contain a large number of nodes, ranging from hundreds to thousands, and a large span. The MANET nodes may be built on diverse platforms and may exhibit different mobility patterns. Within a MANET, variations of speed, direction of movement, acceleration/deceleration, or restrictions on paths can be significantly different among the nodes. E.g. a MANET may contain stationary nodes along with a pedestrian, an armoured vehicle and an aeroplane. In the presence of such diversity, the MANET is expected to provide networks services for delivering data of various types, including voice, image, and video. In brief, a MANET my be characterized as follows:

• Dynamically variable Topologies: As nodes mobility is arbitrarily, the network topological change may be random and unpredictable.

• Bandwidth constrained links: The capacity of wireless links is significantly lower than that of hardwired links. Also, the throughput is lower due to multiple access, fading, noise, and interference conditions etc.

• Energy constrained operation: Nodes in MANET are assumed to be powered by lightweight batteries, thus energy conservation is desirable.

• Little or no Infrastructure, nodes are self-organizing and self-managing.

• Wireless Communication.

• Nodes act as hosts as well as routers.

• Multi-hop Capabilities.

• Scalability and Heterogeneity.

1.3 Usages of Ad Hoc Network

An Ad hoc network may be a preferable network in the following scenarios:

• No Infrastructure available: When a Network is required at a location where infrastructure is not available due to either economic reason or due to geographical or terrestrial difficulty. Building an infrastructure may not be suitable for low or inconsistent traffic demand or may not be possible due to hostile environment.

• Infrastructure inadequate: When infrastructure-based networks become unable to cope with sudden rise of traffic volume (which is deemed to be short-term) or to cope with a change in geographical distribution of traffic density.

• Infrastructure Unnecessary: When data are not required to pass through network infrastructure i.e. local traffic.

In addition, Ad hoc networks can also be used as an alternative to infrastructure-based networks. Ad hoc networking technology can be used to extend the range of WLAN technologies over multiple radio hops. It can also be used as an intermediate solution or a conservative step before some costly upgrade on existing infrastructure being implemented. [5]

1.4 The MANET Model

There are a number of assumptions that are made for the model of MANETs regarding communication parameters, network architecture and network traffic. The assumptions are as follows:

• Nodes have fixed IDs (e.g. IP addresses).

• Nodes are equipped with wireless communication devices.

• Nodes are powered with lightweight batteries that have limited life.

• Nodes have equal capability and are equipped with identical communication devices.

• Nodes connectivity is not a transitive relation. Connectivity between a node C with two nodes A and B does not implies connectivity between A and B.

A MANET is a peer-to-peer network. Which means that it allows direct communication between any two nodes, subjected to adequate radio propagation conditions and transmission power limitations of the nodes. Multi-hop routing is used to transfer data from a source node to the destination nodes in absence of direct radio link between them. This mean, a packet is forwarded from one node to another, until it reaches the destination. Suitable routing protocols need to be used to discover routes between the source and the destination as well as to determine the presence or absence of a path to the destination node. Since an ad hoc network does not have any central entity to take care of these processes, distributed algorithms are used for these purposes [6].

As compared to the traditional wireless networks, the challenges in the design and operation of the MANETs stem from the absence of a centralized entity (Base Station or Access Point), use of wireless medium for communication and the potential for rapid node mobility.

Since the transmission radius of each node is usually much smaller than the entire network span, multi-hop routing is normally used to transfer data packet from a source node to a destination node, which means, intermediate nodes are used to route data to the destination.

1.5 The Protocol Stack

The standard OSI protocol stack is depicted in Fig. 3. In the context of general wireless networks, each layer of standard OSI protocol stack offers different challenges such as the lack of centralized entity, wireless communication medium, characteristics of radio signal propagation, higher probability of radio data packet collision, use of single channel for transmitting and receiving as well as the power constraints.

[pic]

Fig. 3 OSI Protocol stack for wireless network

Recently, communication protocol stack such as the Infrared Data Association (IrDa) protocol stack for Point-to-Point wireless communication and the Wireless Application Protocol (WAP) Forum protocol stack for enabling developers to build advance services across differing network technologies have been developed specifically for wireless networks. [7]

1.6 Wireless Networks Physical Layer

Nodes in a wireless network use radio signal to communicate among themselves. Due to the nature of this communication medium, signal corruption, depreciation and fading is more common in wireless networks as compared to wired or optical networks. Also they must use the same channel to transmit and receive due to the absence of intermediate frequency translating nodes.

The most important factor considered in wireless networks is the Signal to Noise Ratio (SNR). Normally, for short and longer distances the signal power attenuates at a rate of [pic] and [pic] respectively, where r is the distance between antennas. For the MAC layer, to identify engagement of the channel during carrier sensing, the SNR needs to be higher than a certain range of values, otherwise, the probability of collision is increased. [7].

Current three main technologies at the physical layer are Infrared, Direct Sequence Spread Spectrum (DSSS) and Frequency Hopping Spread Spectrum (FHSS). One of the limitations for using infrared is that it is limited to[pic] field of vision. The DSSS has a larger bandwidth as it uses an unchangeable frequency during transmission. On the other hand FHSS has more abilities to resist disturbances [2].

1.7 Ad Hoc Networks MAC Layer

The ad hoc networks MAC protocols deals with link-to-link communication, with an assumption that the routing decision has already been made in some upper layer. In the wireless environment, the existing MAC protocols, especially those belong to the well-known Carrier Sense Multiple Access (CSMA) family, faces the main challenge from two types of interference, known as the hidden terminal and the exposed terminal problems. The hidden terminal problem occurs in the radio network because high degree of connectivity among nodes cannot be assured in this type of network. That is, if two nodes both can hear a third node, may not necessarily hear each other. In exposed terminal problem, a node unnecessary delays a transmission when it not required doing so. The main reason for these problems is due to the fact that most of the time, the collision may occurs in the receiver side instead of the sender side in wireless networks.

Many solutions have been proposed for these problems in the last few years. The exchange of RTS/CTS dialogue between sender and receiver prior to the actual data transfer has been widely accepted.

MAC protocols are designed to provide fairness and to minimize conflicts in the shared radio channel of wireless networks. Some of the MAC protocols suggested for wireless networks can be implemented in and Ad Hoc network e.g. CSMA, MACA [9], and IEEE 802.11 [8]. Among them, IEEE 802.11 appears to be one of the most popular MAC protocols for Ad Hoc networks.

|Standard |Frequency Range |Data Rate |

|IEEE 802.11b |2.4 – 2.485 GHz |Up to 11 mbps |

|IEEE 802.11a |5.1 – 5.8 GHz |Up to 54 mbps |

|IEEE 802.11g |2.4 – 2.485 GHz |Up to 54 mbps |

Table 1 Summary of IEEE 802.11 standards

There are several IEEE 802.11 standards for wireless LAN technology, including 802.11b, 802.11a and 802.11g. All these 802.11 standards use the CSMA/CA [8] protocol for medium access. The main characteristics of these protocols are summarized in table 1. As of now, 802.11b wireless LAN is most prevalent but 802.11a and 802.11g products are also widely available. [4]

Other main technique used in the MAC layer is Elimination Yield Non-Preemptive priority Multiple Access (EY-NPMA) [18], which is used in HIPERLAN/1 (HIgh PERformance LAN) [2].

Examples of currently proposed MAC protocols are Multiple Access Collision Avoidance (MACA) Protocol [9], Dual Busy Tone Multiple Access (DBTMA) Protocol [11] and Floor Acquisition Multiple Access (FAMA) Protocol [10].

1.8 Ad Hoc Networks Routing Layer

Due to the unpredictable node mobility, dynamic topology variation and nature of wireless media, routing is a challenge in ad hoc networks. Many routing protocols have been proposed so far to cope with the challenges, each with its own features. The proposed routing protocols can be classified in many ways. One of the ways is to broadly classified them into three categories, Flat, Hierarchical and Geo-Assisted routing protocols. Fig. 4 shows a classification of some existing routing protocols for ad hoc networks.

[pic]

Fig. 4 Classification of Routing Protocols

Flat routing protocols can be proactive or reactive. In proactive protocols (also called Table-driven protocol), complete routing information of the network is maintained by each node at all time. Therefore, when needed, the route is readily available without any delay for searching. However, in a network with frequently varied topology, this scheme spends a significant amount of scarce wireless resource to keep the routing information up-to-date.

On the other hand, Reactive schemes (also known as Demand-based schemes) protocols take a lazy approach to routing and the nodes maintain routes to active destinations only. The routes are created as and when required therefore route search is needed for every new destination. When a source wants to send to a destination, it invokes the route discovery mechanisms to find the path to the destination. The route remains valid till the destination is reachable or until the route is no longer needed.

The communication overhead is reduced at the expense of delay due to route search in reactive protocols. These schemes are significant for the ad-hoc environment since battery power is conserved both by not sending the advertisements and by not needing to receive them. Some proposed protocols combine both proactive and reactive approaches and are commonly known as hybrid protocol such as Zone Routing Protocol (ZRP) [19].

In hierarchical routing, nodes form hierarchy (e.g. cluster) for the purpose of routing. And in Geo-assisted routing, locations of nodes are obtained through some external device such as GPS.

To summarize, this section introduces ad hoc networks, which is a self-organizing and self-managing wireless network without any infrastructure support. It can be rapidly deployed even in hostile environment, which make it preferable network for emergency services.

The following section describes the SADSR protocol.

2 Security-Aware Adaptive Dynamic Source Routing Protocol

Security-Aware Adaptive Dynamic Source Routing Protocol (SADSR) [1] is one of the proposed secure routing protocols for ad hoc networks. In this section, the SADSR protocol is discussed. Since it is an enhancement of the Dynamic Source Routing (DSR) [12] protocol, therefore the DSR protocol is also briefly reviewed here.

2.1 Secure Routing in ad hoc networks

The security is a weak point in ad hoc networks due to the inherent quality of wireless media, mobility of the nodes and lack of centralized entity. The security requirements are availability, confidentiality, integrity, authentication and non-repudiation, and it is easy to assure all of these requirements. Denial-of-service, impersonation, Byzantine failure, disclosure and poor physical protection of nodes are among the serious security threats. For packet network, the basic routing protocol sets an upper limit to the security since misdirecting the packets can disrupt the function of the entire network [2]. There are a number of routing protocols that cope well with the dynamic nature of ad hoc network, e.g. the Dynamic Source Routing (DSR) [12] and the Temporally Ordered Routing Algorithm (TORA) [13]. But most of these routing protocols assume that every node in the environment is cooperative and trustworthy. As this assumption may not usually be valid, hence a number of secure routing protocols for ad hoc mobile networks have been proposed (e.g [14] and [1]).

The following section describes one of such proposed secure routing protocol, called “Security-Aware Adaptive Dynamic Source Routing Protocol (SADSR)” [1]. Since SADSR is intended to add security on an existing routing protocol called Dynamic Source Routing (DSR) [12] protocol, the following sub-section briefly reviews the DSR protocol.

2.2 Dynamic Source Routing Protocol (DSR)

The Dynamic Source Routing Protocol (DSR) [12] is a reactive (on-demand), source-routed routing protocol. In DSR, each node maintains route caches containing the source routes that it is aware of and updates its whenever it learns about new routes.

There are two major phases in this protocol: route discovery and route maintenance. Whenever a source node wishes to send a packet to a destination node, it first checks its route cache to see if it already knows any route to that destination and it has not been expired. If the route cache contains any such route, then source node sends packets to the destination node using that route. But if no such route exists in the source node’s cache, then it initiates a route discovery process. In this process the source node broadcasting a route request packet that contains the source and destination nodes addresses along with a unique identification number. As the broadcast propagates, each intermediate node that hears the broadcast checks if it is aware of any route to the destination. If it does, then it replies with the route, if it does not, then it forwards the packet to its neighbours after appending its own address to the route record of the packet. But the intermediate nodes forward the packet only if it has not already seen the packet and its address is not present in the route record of the packet. This technique will limit the number of route requests propagated in the network.

When a destination node (or an intermediate node with current routing information to the destination) receives the route request packet, a route reply is generated and sends back to the source node. The information about the path taken by the route request packet so far is included in its route record. An example of route discovery process in DSR protocol is shown in fig. 5 [15].

[pic]

Fig. 5 Creation of record route in DSRP

When a source S broadcasts a route request packet, it propagates through the network and the route record is formed (Fig. 5a [15]). The route reply for a discovered route will either be generated by the destination node or an intermediate node that is aware of a current route to the destination node (if any such route exists). If it is generated by the destination, then the destination node includes the route record (contained in the route request packet) with the route reply packet. But if it is generated by the intermediate node, then it appends its cached route to destination to the route record of route request packet and includes it with the route reply packet. A route reply packet sent by the destination is shown in fig. 14b [15].

There are two types of packets used by DSR protocol for the maintenance of route, which has been named as Route Error packet and Acknowledgements. A Route Error packet is generated when a node encounters a fatal transmission problem at its data link layer. And if a node receives such packet, it removes that hop from its route cache and all routes that include that particular hop are truncated. Acknowledgment packets are mainly used to verify the correct operation of the route links. [15]

2.3 The SADSR Protocol Overview

The SADSR is a secure routing protocol for mobile ad hoc networks. The goal of this protocol is to secure the DSR protocol by extending it in such a way that malicious nodes in a network can be detected by the non-malicious nodes in the same network. Once detected, the malicious nodes are isolated (also by the non-malicious nodes in the network) so that they cannot disrupt the activities of the network. The SADSR protocol uses digital signatures (based on asymmetric cryptography) to authenticate the routing protocol. The protocol basically keeps multiple routes for each destination and a local trust value for each node in the network. Each path is assigned with a trust value, depending upon the trust values of the nodes on that path and during routing, paths with higher trust values are preferred.

2.4 The Attackers

In ad hoc networks, all nodes are expected to take part in the routing. And for that, most of the proposed ad hoc routing protocols need to have a virtual view of the network topology. This view is usually constructed with the help of a process where each node exchanges information about their neighbourhood throughout the network. Any malicious attacker node may target such information with an intension to disrupt the functionality of the network. These malicious nodes are usually divided into two groups, namely external and internal attackers.

External attackers: these types of malicious nodes are capable of bringing down the network by partitioning it into isolated subnets. They are the nodes that responsible for:

• Injecting erroneous routing information.

• Replaying previous routing messages.

• Modifying the valid routing information.

Internal attackers: These nodes usually cause more severe damages to the network. They are the nodes that have been trusted at some earlier time but are not committed to their promises anymore or have been compromised by external attackers. These nodes may also be responsible for sending erroneous routing information to other nodes, which may cause other nodes to modify their local view of the network topology, resulted in:

• Isolation of the affected nodes.

• Pass their traffic through special routes.

Since internal attackers are the nodes that were trusted in some point of time, it means they already have some kind of credentials that is trusted by everybody. This makes it harder to deal with the internal attackers. The SADSR protocol implements a certificate authority (CA) to identify internal attacker and employs the following procedure:

• An off-line certificate from CA is given to each valid node. This certificate bounds IP of the new node with its public key.

• The certificate obtained from CA never expires, which is in contrast to the usual practice where a certificate is associated with an expiration time. Details are discussed in the following sections. [1]

2.5 Assumptions for the SADSR Protocol

The ASDSR protocol is based on the following assumption:

• In general, both External and Internal attacker types of malicious nodes exist in a network, but the number of such malicious nodes is relatively small as compared to the number of trustworthy (or non-malicious) nodes in a network.

• No strong assumptions were made on the number of external malicious nodes and their capabilities.

• All the connections in the network are bidirectional.

• To protect the network against the external malicious nodes, public key crypto is used. Using encryption and public key signatures can protect the routing information from being forged or tampered with.

• A secure Certificate Authority (CA) is assumed to be in place to identify internal attackers. It is assumed that the CA cannot be compromised and all nodes know the public key of CA, denoted by[pic].

• An off-line certificate from CA is given to each valid node. This certificate bounds IP of the new node with its public key.

• The certificate obtained from CA never expires, which is in contrast to the usual practice where an expiration time is associated with a certificate to ensure that a trusted party is not compromised by requiring it to reissue the certificate periodically [1].

2.6 The SADSR Protocol

The proposed SADSR protocol has three different stages, Certificate Acquisition, Multi-path Route Discovery and Routing. For the discussion of all these stages, the following notations are used:

• The public key of node v is denoted by [pic]and the private key of node v is denoted by [pic].

• The public and private key of the CA is denoted by [pic] and [pic] respectively.

• M denotes a message and [pic] denotes encryption of M using the key k.

• H denotes a standard one-way hash function such as SHA1.

2.6.1 Certificate Acquisition

As ad hoc networks do not enjoy the convenience of the existence of any predefined architecture, the establishment of security association between mobile nodes is the most difficult part of providing security in ad hoc networking. Many of the existing secure routing protocols have not addressed well the issues related to security association and key distribution [1].

The SADSR protocol describes the security association mechanism with an example of a context where a group of people gathered for a meeting and want to establish a secure ad hoc wireless network. One of the members from the group is chosen to act as trusted CA to whom each entity proves its identity. Upon that, the CA issues certificates to the entities in an off-line process, which is valid for the entire meeting (life time of the network).

In a similar process to the above example, the SADSR protocol requires that each node in the network should obtain a certificate from a trusted CA before it can join the network. The certificates are issued in an off-line process where each node has to prove its identity to the CA. Once the CA issues a certificate to a node, it will remain valid for the entire lifetime of the network. This approach may pose a security problem if the network continue to exists for a long period of time, but usually this type of networks is set up only for a certain amount of time and cease to exist thereafter. During the operation of the network, the other mechanisms of the SADSR protocol can identify and isolate the nodes that are illegally possess a valid certificate.

Formally, for a node v, the certificate of v, [pic], where [pic] is the IP address of the node v. Every node in the network also obtain the public key of the CA ([pic]) during the certificate acquisition process so that it can verify other certificates.

2.6.2 Multi-path Route Discovery

A node s initiates a route discovery process whenever it wants to communicate with another node d in the network, and it does not already have a know path to that node (or all the known paths to that destination nodes have failed). The source node s initiates such route discovery process by broadcasting a signed route request (RREQ) message M such that [pic], where T is a time stamp and [pic] is the IP address of the destination node. A node v signs a message M means it appends the encrypted hash value of the message M, [pic] and its certificate, [pic] at the end of the message.

Whenever an intermediate node v receives a route request message, it checks if the request is too old or not. To identify if a route request message is too old, the intermediate node calculates the difference between the current time and the time stamp in the message and compares it to a constant, [pic]. If the difference is less than [pic], then it considers that the request is not too old and therefore rebroadcast the message after it signs it. But before re-broadcasting, the intermediate node checks the request for the followings:

• The intermediate node v verifies each of the signatures in the RREQ message it received with a probability p. This will prevent malicious nodes from tampering with RREQ messages.

• The intermediate node v also checks the sequence of the signatures in the message and if it finds out that its own certificate appears somewhere in that sequence then it just discard the message. In this way, RREQ messages are prevented from being trapped in a loop.

Since the RREQ messages are broadcasted in the network, each intermediate node can receive a route request from several of its neighbours for the same source destination pair, (s, d). And due to the multi-path characteristics of the SADSR protocol, the intermediate node is supposed to rebroadcast all such messages. But for a larger network, the set of all possible routes for a source destination pair can be very large making it difficult for discovering or keeping track of all such paths. To address this issue, the SADSR protocol limits the number of routes in each route discovery process to some constant, which is denoted by m.

As the numbers of routes for a source-destination pair are kept limited, therefore the number of rebroadcast of RREQ messages by the intermediate nodes for the same source-destination pair may also be kept limited. With this in mind, the SADSR protocol requires each intermediate node to:

• Keep track of sources and destinations of all route request messages it has rebroadcast.

• Keep one counter for each source-destination pair.

• Keep a list of its neighbours from which it has received that particular route request message.

And with all information in hand, the SADSR protocol allows an intermediate node to rebroadcast a route request message for a maximum of [pic] times. Also, an intermediate node will rebroadcast only one (the first one) route request message for the same route request if it arrives multiple times from its neighbour. This way, preference for edge-disjoint paths is enforced, which is desirable since a number of paths following a single link will all be broken if that link fails. After [pic] time, the intermediate nodes will clear all the entries for each route request message.

The destination node d, upon receiving the first route request message from a source node s, sets up a timer and begins to reply to the received RREQ messages. It replies to all received RREQ messages containing paths that are node disjoint. If a path is not node disjoint with previously replied paths, then the destination node replies to this message with 50% probability. This is to ensure that s gets enough number of routes even if d has a very few neighbours.

Reply to a route request is sent by the destination node after it signs the reply. The route reply message takes the form, [pic], where T is again a time stamp. The reply is sent back to the source node s by uni-casting via the same intermediate node of the corresponding RREQ message. The intermediate nodes verify each of the signatures in the message in the similar way with the probability p, sign it and forward it to the next hub if the signatures are valid. The information in the route reply messages are not used by the intermediate nodes to update their routing tables, which is in contrast to the DSR protocol. In this way, all the signatures in the route reply messages is checked once by the source node only, rather than checking all the signatures by all the intermediate nodes.

The destination node d continues to reply to the received valid RREQ messages from s until either a predefined time [pic] has been elapsed from the time of the arrival of the first such message from s, or the number of times the request has been replied to is less than the above mentioned number m.

2.6.3 Routing

In SADSR protocol, every node v locally calculates and keeps a value for the trustworthiness of the other nodes, based on the observations it has made so far. The trust values of the nodes in a path increase every time v successfully sends a message through that path, and decrease if a message is lost or tampered with. Since the acknowledgements are sent back to the source node s by the destination node d through the same path via which the message has arrived, thus s can identify if the destination node properly receives the message sent through that path.

In SADSR, every source node s are likely to know m paths for a destination node d and each time node s wish to send a message to d, it may chose a path (among m paths) based on the trust values of the m paths. To assign a trust value of each path, s needs to keep tracks of the paths through which it has sent packets and weather or not it has received the acknowledgement through that path for the corresponding message. And for this, each source node uses two counters for each node v in a path, [pic] and [pic], where [pic] is the number of successful transmission through v and [pic]is the number of unsuccessful transmission through v. Then the trustworthiness of v is defined as [pic], where [pic]is a parameter, which can be used to decide upon the level of punishment to be given to a node for each failed transmission.

Finally, the trustworthiness of a path [pic]is defined as multiplication of the trustworthiness of all the nodes on that path. But as this definition of trustworthiness of a path is unfair for the longer paths, therefore it is redefined as [pic], which still offers statistical preference to the shorter paths to the longer ones (if the nodes in the path have equal trustworthiness), but minimizes the impact of simple multiplication on longer paths.

The node s chose a path randomly from the list of available paths, where the chance of a path to be chosen is proportional to its trust value. Once s done with the selection of the path, it signs and sends the data packet, after appending a sequence number [pic] and the chosen path in it, through that path. As the signed data packet travels through the network, intermediate nodes verify the signature of s with a probability p and then forward the packet, if it is valid.

After a packet reaches the destination node d through a path [pic], node d will send back, through the same path, an acknowledgement [pic], after it sings M. Again, the intermediate nodes verify the signature of d with a probability p and then forward the packet towards node s.

The source node s maintains a table of sequence numbers of packets sent, the path used and a time stamp for [pic]time units. The node s updates entries for each node in a path every time it receives a valid acknowledgement through that path. But if after [pic] time, node s does not receive any acknowledgement for a sent packet through a path, then s assumes that packet is lost. And therefore, corresponding y value on the path is increased to punish all the nodes along the path.

An internal link may also fails during a routing process. In SADSR protocol, during the process of forwarding packets along a given route, if an intermediate node [pic] fails to communicate with the next node [pic] due to some kind of network failure, then [pic] signs and send a route error message [pic] back to the source node s. After receiving this message, s eliminates all paths containing the link [pic] from its route cache, where [pic] are determined using the [pic] in the route error message.

2.7 Security Analysis

The possible attacks on DSR protocol can be grouped as follows:

• Attacks on Route Discovery

• Attacks on Routing

• Fabrication of Route Error Messages and

• Denial of Service Attacks

Description of these attacks and the way that the security enhancements of the SADSR protocol can prevent or detect these attacks are discussed in the following sections.

2.7.1. Attacks on Route Discovery

During a route discovery process a malicious node can disrupt the network functionality by one of the following ways:

• Modification of source routes

• Route cache poisoning and

• Not participating in route discovery

The attacks and safeguards provided in SADSR protocol are discussed in the following sections.

2.7.1.1 Modification of source routes

In case of DSR protocol, a malicious intermediate node may change the contents of a discovered route during the route discovery process. In SADSR protocol, this issue is addressed by requiring each node to sign the route message after it adds itself to a discovered path. This way, if the content of a route message is changed, it will be detected by either the intermediate nodes or the destination node. But during an ongoing route discovery process, it is possible for a malicious node to eliminate some or all of the nodes in the partial path discovered so far together with their signatures and then add its IP and signature to the path, before broadcasting it. This will not be detected by the intermediate nodes or the destination node. The reason is that, the destination node will view it as a legitimate route and therefore send back the path to the source after signing it, if this path is selected during the path selection process in the destination node. But in that case, this message will never arrive to the source node due to the wrong path information. On the other hand, if a malicious node modifies a route reply message, then if it changed the source node of a route reply message then the message will never reach to the source (and will be discarded at some point of time as an invalid packet). But if the route is modified in such a way that the message can still reach to the source node, the signature verification process in source node will identify it as an illegitimate route and thus, will be rejected.

Therefore, SADSR protocol will eventually be able to identify a valid route (route without any malicious node along the path) from source to destination, if at least one such path exists. But in case no such valid path exists, then the protocol cannot guarantee for the successful route discovery.

2.7.1.2 Route cache poisoning

Since the SADSR protocol does not allow promiscuous listening and snooping in forwarded packets containing route information; hence a incorrect paths advertised by malicious nodes will be having no effect on route cache of other nodes. In addition, in contrast to DSR, only the destination is allowed to send back route replies and the route caches of intermediate nodes are not used. Therefore, any invalid data, if any, about the topology of the network will remain local.

2.7.1.3 Not participating in route discovery

A malicious node may refuse to broadcast route requests or to forward route replies during the route discovery process. This kind of non-cooperative behaviour may consume some bandwidth and communication power of other nodes, but it will not disrupt the entire route discovery process. But in general, the SADSR protocol is not equipped to handle such kind of passive malicious behaviour.

2.7.2 Attacks on Routing

It is possible that a node that behaved appropriately during the route discovery process may start to act maliciously during the routing phase. Such kinds of attacks are discussed below.

2.7.2.1 Modification of Routes or Data in a Data Packet

In this type attack, a malicious intermediate node modifies the content of a data packet. It may also modify the routing information and even may change the routing information in a way to create loops in the path. But when this modified packet is received by some node in the path (that is not malicious) and it checks the source node’s signature, this modification is detected. But if the packet reaches to the destination, then the signature verification at the destination node fails, requiring the destination node not to send back any acknowledgement to the source node. On the other hand, if the malicious node modifies the destination in the packet, then the packet will never reaches to the destination node, which ultimately also resulted in no acknowledgement send back to the source node. And as the SADSR protocol is designed to punish the nodes and paths through which the source node does not receive an acknowledgement, and source node will try to avoid such paths for further communication.

2.7.2.2 Dropping the Packets

In this type of attack, a malicious node drops the packets during routing, which may reduce the throughput. If the shortest path from s to d is corrupted in this way, then in the DSR protocol, the source node will continue to send the packets through this path until it receives some kind of route error message. This may cause all the data packets sent so far to be lost. But the SADSR protocol has been designed not to use the same route all the time. Any route at a particular point of time is chosen randomly from a set of available routes. In addition, since the source node will not receive any acknowledgement for the dropped packets, it gradually reduces the trust value of that route, resulted in reducing the probability of using that particular route for the future transmission. If the malicious node continues the same behaviour, the punish process will ultimately be able to completely isolate the node. This will result in higher throughput then DSR protocol in the presence of this type attack.

2.7.3 Fabrication of Route Error Messages

This is a kind of attack where a malicious node may generate and send false route error messages to a source node s for every packets that s send to a destination node d. This will prevent s to communicate with d. The DSR protocol does not provide any mechanism that can prevent such malicious behaviour, as a malicious node can easily fool the source node by spoofing its own IP and making it the same as the IP of a node that is just before the destination node d. This way, the route error message sent by the malicious node will be appeared as valid to s. In addition to that, intermediate nodes may snoop the false route error message and update their route cache to reflect the false information that they believe to be valid (e.g. eliminate the route assuming a broken link).

But the SADSR protocol prohibits any such snooping and therefore only the source node can update its route cache in case of a route error message. In addition, the verification of signature of the node at which the broken link is discovered will confirm the validity of the route error message. Also, the replay attacks is prevented by the time stamp in the route error message.

2.7.4 Denial of Service Attacks

Malicious nodes may easily create Denial of Service (DoS) attack in an ad hoc network by simply broadcasting too many RREQ messages. If nodes in the network are not capable of making any assumption about the mobility of other nodes, large number of RREQ messages will be considered by them as resulted from broken links due to high mobility of nodes (rather than a DoS attack). And therefore, will continue to reply to such messages. Preventing DoS attack in ad hoc environment is a difficult task. Following is a discussion on two types of attacks may cause DoS attack.

2.7.4.1 Sending RREQs with Fake IDs

A malicious node may cause DoS attack at the destination node by broadcasting a large number of RREQ packets after disguising itself by spoofing its IP. But in the SADSR protocol, the number of RREQs broadcast is limited depending upon the probability of each intermediate node verifying the signatures. By the signature verification, intermediate nodes will caught and get rid of some of the invalid RREQ packets. And for those invalid RREQ packets that are able to make to the destination node, their certificate and signature will be checked over there and the invalid RREQs will be detected. The destination node does not reply with an RREP packet for an invalid RREQ, and therefore the network does not get flooded with RREP packets in addition to the RREQ packets. But still, network can be flooded with RREQ packets and DoS attack may still be made on the destination node, as it will be busy with the verification of certificates and signatures in the invalid RREQ packets.

2.7.4.2 Sending RREQs to a Fake Destination

In this attack, a malicious node may cause DoS attack by sending a RREQ to an invalid destination. In such case, all intermediate nodes will sign and rebroadcast the message for up to m times. To prevent this, the SADSR protocol may be extended to limit the rebroadcast of the RREQ packets by the intermediate nodes by assessing the trust value of the source node. Another way is to keep the statistics about the frequency of route requests from a source node to decide on whether or not to broadcast its RREQs.

2.8 Experimental Results

Following sections describe the simulation and the result of some experimentation on the SADSR protocol.

2.8.1 Simulation Setup

The effect of SADSR protocol was simulated using ns2 simulator. The header size for each routing packet was increased and the multi-path discovery and routing was implemented. Experiments were conducted with two sets, first with no malicious nodes (to demonstrate the overhead introduced due to security enhancements) and the second with 20% malicious nodes (to show the throughput difference between SADSR and DSR in the presence of malicious nodes).

In the simulation, a malicious node is defined as a node who acts normally during the route discovering process, but drops all data packets, error and acknowledgement messages. The random waypoint mobility model was used for nodes movements. Nodes were initially placed on a random location where it pauses for certain time then move randomly to a new location at a uniform velocity between 0 and the maximum velocity.

The data communication pattern in the study used 10 source-destination pairs; each sent a constant bit rate (CBR) flow of 4 data packets (each 512 bytes) per second. Following two matrices are used to measure the performance:

• Packet Delivery Ratio: The total number of data packets received, divided by the total number of data packets originated.

• Normalized Packet Overhead: The total number of routing messages transmitted divided by the total number of data packets received. (Each hop-to-hop transmission is counted as one packet. Acknowledgment packets are not counted.)

Table 2 listed the Scenario Parameters and table 3 listed the SADSR Parameters used for the experiment.

|Parameter |Value |

|Number of Nodes |50 |

|Maximum Velocity |20 m/s |

|Dimensions of Space |1500m X 300m |

|Nominal Radio Range |250 m |

|Source-Destination Pairs |10 |

|Source Data Rate |4 packets/sec |

|Application Data Payload Size |512 bytes |

|Total Application Data Load |163 kbps |

|Raw Physical Link Bandwidth |2 Mbps |

Table 2 Scenario Parameters

|Parameter |Value |Interpretation |

|[pic] |2 sec |Maximum time to wait for an acknowledgment |

|[pic] |2 sec |Maximum time a RREQ can live |

|m |4 |Maximum number of routes maintained per destination |

|[pic] |3 |Punishment ratio |

Table 3 SADSR Parameters

2.8.2 Results

The experiments show that the packet delivery ratio is almost same for both protocols in absence of malicious nodes (fig. 6). But in the presence of malicious nodes, the SADSR performs quite well as compared to DSR (fig. 7). In fact, it is almost constant and nearly 100% except for the high mobility scenario.

[pic]

Fig. 6 Packet delivery ratio in absence of Fig. 7 Packet delivery ration in presence

malicious nodes. of malicious nodes.

Fig. 8 and 9 depicts normalized routing overload for SADSR and DSR in the absence and presence of malicious nodes respectively. And as shown in the figures, in both cases SADSR has higher overload than DSR.

[pic]

Fig. 8 Normalized routing overhead in Fig. 9 Normalized routing overhead in

absence of malicious nodes. presence of malicious nodes.

The SADSR protocol is described in this section. The following section will describe the SERAN procedure to hide equipment in ad hoc networks.

3 SERAN: Security Equipment protocol in Routing in Ad hoc Networks

In this section, the SERAN protocol, a new approach proposed to hide equipment in ad hoc network is discussed.

3.1 Overview

The fourth Generation Wireless Network represents the next generation of mobile networks, including ad-hoc networks. As mentioned earlier, security of data in such networks has been a major problem. Moreover, as most of such networks are based on mobile devices like cellular phone, portable computers etc. that have limited battery life, protecting equipment for saving energy is also a major problem. Protecting equipment scheme may also be useful for isolating a congested node in the network.

Security Equipment protocol in Routing in Ad hoc Networks (SERAN) is a new approach towards solving these problems in ad hoc networks. In SERAN, a node is provided with the ability to use the ad hoc network without completely providing its resources into it i.e. a node get the ability to ‘hide’ themselves form all other nodes in the network. The node that is protected by SERAN will be invisible, if it chose to be, in the routing tables of the other nodes; therefore it will not be used for routing in the network. This is essential when the battery of that device is has a shortage of charge and there is a possibility of the device getting disconnected from the network in near future. Moreover, since no other device in the network can directly communicate with it, the purpose of security is also served. A node may also be isolated from the network using this method. The SERAN uses the smart cards technology and introduces a new layer called “SERAN” in the IP layer to accomplish its objective and dose not need to modify the existing routing layer [2].

3.2 Smart Cards

The implementation of SERAN depends on equipment called ‘Smart Card’ [17]. Smart cards are small plastic cards resembling credit cards in appearance. The physical structure of a smart card is specified by the International Standards Organisation (ISO) 7810, 7816/1 and 7816/2. Generally it is made up of three elements. The plastic card is the most basic one and has the dimensions of 85.60mm x 53.98mm x 0.80mm. A printed circuit and an integrated circuit chip are embedded on the card. Fig. 10 shows a sample and an overview of the physical structure of a smart card. [16]

[pic]

Fig 10 The Smart Cards

The printed circuit usually has five connection points for power and data. The capability of a smart card is defined by its integrated circuit chip. Typically, an integrated circuit chip consists of a microprocessor, read only memory (ROM), non-static random access memory (RAM) and electrically erasable programmable read only memory (EEPROM) which will retain its state when the power is removed.

The logical architecture of the smart card used by the SERAN consists of CPU, I/O, ROM, RAM, EEPROM and the Security and is shown in fig. 11 [2].

[pic]

Fig. 11 The logical architecture of a smart card

Since the smart card has its own CPU, Memory and I/O ports, it can act as an independent entity. It can execute necessary operations without depending on external resources and execution of such results will not be effected by outsiders’ influence.

3.3 Definition and Notations

The basic idea of SERAN is to provide a secure node with dynamic IP address. Neighbouring nodes in ad hoc networks know each other at the MAC layer but a node cannot communicate with the others without an IP address. Fig. 12 [2] shows an example of a network using SERAN. The protected node is denoted by [pic] and the only node able to communicate with this protected node is denoted by [pic]. As sown in the figure, if the protected node [pic]chose to be invisible, then it cannot be used to route packets between any pair of node (M, N).

[pic]

Fig. 12 Security equipment Fig.13 New stack of network layers

The SERAN introduces a new layer, called SERAN, between the IP and the transport layer (fig. 13 [2]), which is able to understand all the signalling for the security equipment in the messages of [pic]. The secure node [pic] is controlled by using a smart card that can provides it with fixed or temporary IP addresses. If fix IP addresses is given, then [pic] will act as a normal node, otherwise it will be invisible to the network.

3.4 The Communication in SEARAN

The SERAN protocol enables a node [pic] to hide itself using smart cards. The card is logically located between the MAC layer and network layer so that it can react for the packets arriving at the node’s MAC layer (fig. 14), The hidden node has no fixed IP address and a simple version of Dynamic Host Configuration Protocol (DHCP) is used to configure it if it intends to connect to the network. The DHCP is implemented in the smart cards and it dynamically assigns IP addresses to the node when needed. One IP address is assigned for each frame. Generally, the node will not have an IP address if there is no communication. If a packet arrives to its MAC layer, with its own MAC address as destination address (or if it is a broadcast packet), then the node is given a temporary IP address and the packet can rise to IP layer. If the node wants to send a packet, then it takes the IP address from the card and uses it.

[pic]

Fig. 14 The logical position of smart card Fig. 15 Communication via [pic]

The [pic] directly communicates only with the node [pic] for sending and receiving packets (fig. 15). To every one else, it will be invisible. For communicating with other nodes on the network, [pic] will have to send and receive packets via [pic]. The procedure of sending and receiving packets to and from other nodes via[pic] is discussed below.

3.4.1 Sending Data to Other Nodes

Every time there is a communication, the smart card assigns a different IP address for the node[pic] and discards it after that session ended. A new IP address will be generated and assigned for a later session. Therefore, whenever there is an outgoing packet, [pic] gets an IP address from the smart cards and pass the packet using that address. After passing through the network layer, the address is discarded and the packet is uni-cast to [pic]including only the destination address in the SERAN header. The SERAN layer is capable of recognizing and sending the message to the destination. The SERAN header includes the source MAC address to distinguish the real source. Fig. 16 shows an example of information in the SERAN and IP header for sending a packet from [pic], where [pic] sends the packet to [pic], and [pic] sends it to the destination node D.

[pic]

Fig. 16 Information in the SERAN and IP header for sending a packet

3.4.2 Receiving Data from Other Nodes

Whenever there is an incoming packet in the MAC layer of the [pic] the card checks the header of the packet to see if the packet’s destination MAC address is its own or if the packet contains the broadcast address (255.255.255.255). If any of these is true, then the [pic] will get a temporary IP address from the card and pass the packet to the IP layer. The smart card is capable of decoding the header of the packets.

[pic]

Fig. 17 Information in the SERAN and IP header for receiving a packet

Fig. 17 shows an example of information in the SERAN and IP header for receiving a packet by [pic] send to it from a node D. The node [pic] receives the packet from [pic] with the help of smart card.

3.5 Evaluation of [pic]

As topological changes are often and very unpredictable in ad hoc networks, therefore it is possible for [pic] and [pic] of getting disconnected. If this happens, then a new [pic] is selected using the following scheme.

If [pic]does not hears from [pic] for certain amount of time, then it uni-casts a short ‘hello’ packet to [pic], using TTL=1, to see if it still is a neighbour. If it receives a response back from[pic], then everything is ok, otherwise, after a couple of failed retry, [pic]sets to find a new [pic].

[pic]

Fig. 18 An example of finding new [pic]

To find a new [pic], the [pic] broadcasts a special information (with TTL=1) to all is neighbours and the SERAN layer of the neighbours reply to it. Depending upon certain criteria like power level, position etc. [pic] selects a node as [pic], and sends a confirmation to it, while ignoring the other responses (fig. 18 [2]). If [pic]does not receive any response at all, then it will mean that it is disconnected from the entire network. In this case, [pic] will continue to try.

If an old [pic](means [pic] is no longer its neighbour) receives a message from a source for [pic], then it tries to find out [pic]by broadcasting a new message. If it is received by the [pic], the [pic] will send a response back to old [pic] via new [pic]. Then the old [pic] may send the packet to the new [pic] and at the same time, informs the source about new [pic] for further communication.

3.6 Improvement

The SERAN scheme can be improved in a way so that every time a new session starts, the protected node’s smart card or the SERAN layer will be capable of producing a pair of private/public RSA keys. The destination node D, after receiving the public key of [pic] will send back its own public key, as it will understand that [pic]wants to communicate wit it. Then [pic] can encrypt its address using the public key of D and send it to D. After D receives the enciphered address, it can decrypt it and start communicating. Figure 19 [2] shows the signalling between [pic]and D to exchange their keys and data.

[pic]

Fig. 19 Signalling between [pic] and D

The RSA algorithm may be used for the improvement as it sends only public keys in the wireless network. Each session will use a new pair of key. Therefore, nodes with no key or old key will not be able to communicate with [pic].

3.7 Advantages and Disadvantages

The SERAN provides the following advantages:

• If it is intended to keep a node secret, the hiding the IP information of that node will serve the purpose.

• Protected node saves its energy, which may be desirable as the nodes in an ad hoc network are usually operated using battery power. Since the protected node is not used as a router for others, hence instead of using energy for others, it uses it for its own communication purpose.

• Protected node can send and receive rapidly, as it does not have to wait for the termination of the current route passing.

• The protection scheme may avoid certain routing threats like “overflow routing table” (as it stores only the route to [pic]) and “sleep deprivation” (as an attacker will be unable to request routes, or to forward useless packets to the protected node and consumes energy). In addition, unstable nodes or low performance nodes can be excluded from routing using this method.

Followings may be considered as disadvantages of the SERAN scheme.

• The scheme may have bad influence for the global routing as some routes may have to use longer path for not using the protected node for routing. Even some nodes may get disconnected as [pic] appears to be invisible to the network.

• It may reduce the number of multi-routes.

• In SERAN, [pic]is a critical node and if it is impersonated, eavesdropped or compromised, then [pic] will be vulnerable to attacks. Selection of [pic]is also remains as an issue.

The SERAN procedure to hide equipment in ad hoc networks has been discussed in this section. The next section will conclude this report.

4 Conclusions

Substantial research activity has been observed in the field of Ad Hoc Wireless Networking in last few years. Though military has been experimenting and using this technology for quite some times, the research community has been working to find non-military application for ad hoc networks. The deployment ad hoc networks offer many challenges including manageability, security, and availability of communication through this type of technology. And security is a weak point in this type of networks.

The SADSR protocol intends to secure an already existing ad hoc routing protocol known as DSR protocol. It uses the concept of digital signatures based on asymmetric cryptography to authenticate the routing protocol messages. A reliable Certificate Authority is assumed who can issue certificates to the participating nodes in an offline basis, depending on their credentials. The protocol keeps multiple routes for each destination and a local trust value for each node in the network. Each path is assigned with a trust value, depending upon the trust values of the nodes on that path and during routing, paths with higher trust values are preferred.

On the other hand, the SERAN can protect a node in an ad hoc network in a way so that it remain invisible to the rest of the network and can not be used by the others for their purpose i.e. for routing. But the protected node will be able to communicate with the network whenever it wants to, using a dynamically variable IP address, which is given to it whenever it wishes to communicate. Smart cards are used to control the assignment of IP address for all the incoming and outgoing packets. The protected node is allowed to communicate directly with only one of its neighbour node, which can be changed depending upon the network topological condition. To avoid the modification of the existing routing layer, a new layer called SERAN is introduced into the IP layer, which is able to distinguish and treat the special information.

5 References

[1] “Security-aware adaptive dynamic source routing protocol”, Ghazizadeh, S.; Ilghami, O.;

Sirin, E.; Yaman, F.;Local Computer Networks, 2002. Proceedings. LCN 2002. 27th Annual

IEEE Conference on , 6-8 Nov. 2002 Pages:751 – 760

[2] “SERAN: a new protocol to hide an equipment in ad hoc networks”, Ben-Othman, J.; Xiaoyun

Xue;Computers and Communication, 2003. (ISCC 2003). Proceedings. Eighth IEEE International

Symposium on , 30 June-3 July 2003 Pages:356 - 361 vol.1

[3] , Jan, 2004

[4] James F. Kurose, Keith W. Ross - Computer Networking - A Top Down Approach featuring The Internet,

Third Edition, Addison Wesley, 2004

[5] , Jan. 2004

[6] Zygmunt J. Haas, Jing Deng, Ben Liang, Panagiotis Papadimitratos, and S. Sajama, "Wireless ad hoc

networks," in Encyclopedia of Telecommunications, John G. Proakis, Ed. Wiley, 2002.

[7] , Jan. 2001

[8] IEEE 802.11 Working Group, “Wireless LAN Medium Access Control (MAC) and Physical Layer (PHY)

specifications, 1997.

[9] P. Karn, "MACA - A new channel access method for packet radio,'' in ARRL/CRRL Amateur Radio 9th

Computer Networking Conference, pp.134-140, 1990

[10] C.L. Fullmer, J.J. Garcia-Luna-Aceves, "Floor acquisition multiple access (FAMA) for packet-radio

networks,'' in Proc. ACM SIGCOMM'95, pp.262-273, 1995

[11] Z.J. Haas and J. Deng, "Dual Busy Tone Multiple Access (DBTMA): A Multiple Access Control Scheme

for Ad Hoc Networks,'' IEEE Transactions of Communications, 2002

[12] David B. Johnson, Davis A. Maltz, "The Dynamic Source Routing Protocol for Mobile Ad Hoc Networks"

October 1999 IETF Draft, 49 pages.

[13] VD Park and MS Corson "A highly adaptive distributed routing algorithm for mobile wireless networks",

Proc. INFOCOM'97, Apr. 1997, 9 pages.

adaptive-routing-infocom97.pdf

[14] P. Papadimitratos and Z. Haas. Secure routing for mobile ad hoc networks. In SCS Communication

Networks and Distributed Systems Modeling and Simulation Conference (CNDS 2002), TX, 2002.

[15] , 1999

[16] , 2004

[17] Zhiqun CHEN. Java Card Technology for Smart Cards, Architecture and Programmer’s Guide.

AddisonWesley. 2000 Sun Microsystems, Inc.

[18] Amir Qayyum. Thesis of INRIA Rocquencourt, France. Analysis and evaluation of channel access

schemes and routing protocols for wireless networks. November, 2000.

[19] M.R. Pearlman and Z.J. Haas, "Determining the Optimal Configuration for the Zone Routing Protocol,''

IEEE Journal on Selected Areas in Communications, Special Issue on Wireless Ad Hoc Networks,

vol.17, no.8, pp.1395-1414, August 1999

................
................

In order to avoid copyright disputes, this page is only a partial summary.

Google Online Preview   Download